rpms/kdelibs/devel kdelibs-4.0.3-khtml-security.patch, NONE, 1.1 kdelibs.spec, 1.308, 1.309
Lukas Tinkl (ltinkl)
fedora-extras-commits at redhat.com
Tue Apr 22 16:31:28 UTC 2008
Author: ltinkl
Update of /cvs/extras/rpms/kdelibs/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18036
Modified Files:
kdelibs.spec
Added Files:
kdelibs-4.0.3-khtml-security.patch
Log Message:
fix buffer overflow in KHTML's image loader (KDE advisory 20080426-1)
kdelibs-4.0.3-khtml-security.patch:
--- NEW FILE kdelibs-4.0.3-khtml-security.patch ---
--- khtml/imload/decoders/pngloader.cpp
+++ khtml/imload/decoders/pngloader.cpp
@@ -109,6 +109,8 @@ private:
if (colorType == PNG_COLOR_TYPE_RGB)
colorType = PNG_COLOR_TYPE_RGB_ALPHA; //Paranoia..
+ else if (colorType == PNG_COLOR_TYPE_GRAY)
+ colorType = PNG_COLOR_TYPE_GRAY_ALPHA;
}
ImageFormat imFrm;
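Review bot: The added `else if (colorType == PNG_COLOR_TYPE_GRAY)` branch carries no comment, and the RGB branch above it only says "Paranoia..", so nothing records why a gray image has to be treated as gray with alpha at this point. Since the overflow fix depends on this line, add a comment naming the condition (it sits outside this hunk) under which the promotion is required, so a later reader does not drop it as redundant. It is also worth confirming whether any other color type can reach this block and need the same handling.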
@@ -192,6 +194,7 @@ private:
{
if (interlaced)
{
+ Q_ASSERT(pngReadStruct->row_info.pixel_depth <= depth * 8);
requestScanline(rowNum, scanlineBuf);
png_progressive_combine_row(pngReadStruct, scanlineBuf, data);
notifyScanline(pass + 1, scanlineBuf);
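Review bot: The `Q_ASSERT` added before `requestScanline` in the interlaced path is compiled out when the code is built with QT_NO_DEBUG, so a release build gets no check that `row_info.pixel_depth` fits within `depth * 8`. For a buffer overflow fix, make this a runtime test that stops decoding the image with an error when the bound is exceeded, and keep the assert only as a debugging aid. The non-interlaced path is not visible in this hunk; confirm whether it needs the same bound.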
Index: kdelibs.spec
===================================================================
RCS file: /cvs/extras/rpms/kdelibs/devel/kdelibs.spec,v
retrieving revision 1.308
retrieving revision 1.309
diff -u -r1.308 -r1.309
--- kdelibs.spec 16 Apr 2008 16:06:04 -0000 1.308
+++ kdelibs.spec 22 Apr 2008 16:30:35 -0000 1.309
@@ -1,7 +1,7 @@
Summary: K Desktop Environment 4 - Libraries
Version: 4.0.3
-Release: 6%{?dist}
+Release: 7%{?dist}
%if 0%{?fedora} > 8
Name: kdelibs
@@ -79,6 +79,8 @@
Patch13: kdelibs-4.0.3-fedora-buildtype.patch
# patch KStandardDirs to use %{_libexecdir}/kde4 instead of %{_libdir}/kde4/libexec
Patch14: kdelibs-4.0.3-libexecdir.patch
+#Â Buffer overflow in KHTML's image loader
+Patch15: kdelibs-4.0.3-khtml-security.patch
## upstream patches
# based on SVN commit 793504 by dfaure
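Review bot: The new comment above `Patch15` has a non-ASCII character between `#` and "Buffer" (it shows up as "Â", most likely a non-breaking space); replace it with a plain space so the spec file stays clean ASCII like the neighbouring comments. The comment could also cite the advisory id given in the log message (KDE advisory 20080426-1), so the patch can be traced from the spec alone.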
@@ -202,6 +204,7 @@
%patch12 -p1 -b .Administration-menu
%patch13 -p1 -b .fedora-buildtype
%patch14 -p1 -b .libexecdir
+%patch15 -p0 -b .khtml-security
%patch100 -p1 -b .kconfig_sync_crash
%patch101 -p1 -b .klauncher-crash
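Review bot: `%patch15` is applied with `-p0` while every other patch visible in this hunk uses `-p1`. That matches the patch's own paths (`khtml/imload/decoders/pngloader.cpp`, with no leading directory), but the mixed strip level is easy to trip over later; either regenerate the patch with a top-level directory component and use `-p1`, or leave a short comment next to the `Patch15` definition saying why it is `-p0`.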
@@ -364,6 +367,9 @@
%changelog
+* Tue Apr 22 2008 Lukáš Tinkl <ltinkl at redhat.com>
+- fix buffer overflow in KHTML's image loader (KDE advisory 20080426-1)
+
* Fri Apr 04 2008 Than Ngo <than at redhat.com> - 4.0.3-6
- apply upstream patch to fix klauncher crash
- fix kconfig_sync_crash patch
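Review bot: The new `%changelog` entry header ends after the e-mail address and omits the version-release suffix, whereas the previous entry ends with `- 4.0.3-6`. Append `- 4.0.3-7` to match the `Release: 7%{?dist}` bump in this commit, so the changelog can be mapped to the package that carries the security fix.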